ID CVE-2007-4512 Type cve Reporter cve@mitre.org Modified 2018-10-15T21:35:00
Description
Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for Windows 6.x before 6.5.8 and 7.x before 7.0.1 allows remote attackers to inject arbitrary web script or HTML via an archive with a file that matches a virus signature and has a crafted filename that is not properly handled by the print function in SavMain.exe.
{"id": "CVE-2007-4512", "bulletinFamily": "NVD", "title": "CVE-2007-4512", "description": "Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for Windows 6.x before 6.5.8 and 7.x before 7.0.1 allows remote attackers to inject arbitrary web script or HTML via an archive with a file that matches a virus signature and has a crafted filename that is not properly handled by the print function in SavMain.exe.", "published": "2007-09-10T17:17:00", "modified": "2018-10-15T21:35:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4512", "reporter": "cve@mitre.org", "references": ["http://www.sophos.com/support/knowledgebase/article/29150.html", "http://osvdb.org/37527", "http://www.securityfocus.com/bid/25572", "http://www.vupen.com/english/advisories/2007/3077", "http://securityreason.com/securityalert/3107", "http://secunia.com/advisories/26714", "http://www.securityfocus.com/archive/1/478708/100/0/threaded", "https://exchange.xforce.ibmcloud.com/vulnerabilities/36478"], "cvelist": ["CVE-2007-4512"], "type": "cve", "lastseen": "2019-05-29T18:09:01", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "230a8cc6edfc2cc31e5cec0264503fdf"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvelist", "hash": "1c1c809dece8a1fa25f1159e13738b84"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "cvss2", "hash": "25131d66a9f3961140b068f4b41aa42b"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "34e69e045b64924bccf865d56b6918a2"}, {"key": "description", "hash": "e69d392477026816c56efa161f7363f0"}, {"key": "href", "hash": "3309a89a8a8b4f662cc1847915d1fc1f"}, {"key": "modified", "hash": "73f186d12fcb94bef0af0f0d2c3ea4e6"}, {"key": "published", "hash": "9a1752a56265c2787a145feb57068f97"}, {"key": "references", "hash": "aae89cd8a21d75e4bfc1bf20dc0a7297"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "cd1d7611cbdd13039922076988ac4b87"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "3a5f81f28c8ecf3f9fa54bdfb4aca17f44c67a76306615d5e13222b2cfc8ed26", "viewCount": 0, "enchantments": {"score": {"value": 4.9, "vector": "NONE", "modified": "2019-05-29T18:09:01"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8124", "SECURITYVULNS:DOC:17945"]}, {"type": "osvdb", "idList": ["OSVDB:37527"]}, {"type": "nessus", "idList": ["SOPHOS_2_49_0.NASL"]}], "modified": "2019-05-29T18:09:01"}, "vulnersScore": 4.9}, "objectVersion": "1.3", "cpe": [], "affectedSoftware": [{"name": "sophos anti-virus", "operator": "le", "version": "6.5.4_r2"}, {"name": "sophos anti-virus", "operator": "le", "version": "7.0"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "cpe23": [], "cwe": ["CWE-79"]}
{"osvdb": [{"lastseen": "2017-04-28T13:20:33", "bulletinFamily": "software", "description": "## Solution Description\nUpdate to versions 6.5.8 or later, or 7.0.1 or later.\n## References:\n[Secunia Advisory ID:26714](https://secuniaresearch.flexerasoftware.com/advisories/26714/)\nOther Advisory URL: http://www.sophos.com/support/knowledgebase/article/29150.html\nISS X-Force ID: 36478\nFrSIRT Advisory: ADV-2007-3077\n[CVE-2007-4512](https://vulners.com/cve/CVE-2007-4512)\nBugtraq ID: 25572\n", "modified": "2007-09-04T00:00:00", "published": "2007-09-04T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:37527", "id": "OSVDB:37527", "title": "Sophos Anti-Virus Archive Crafted Filename XSS", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:23", "bulletinFamily": "software", "description": "Name Cross Site Scripting Vulnerability in Sophos Anti-Virus \r\nSystems Affected Sophos Anti-Virus, version 6.5.4 R2\r\nSeverity Medium\r\nCategory Cross Site Scripting\r\nAuthor Context Information Security Ltd\r\nAdvisory 6th September 2007\r\n\r\nDescription\r\n-----------\r\nA ZIP archive containing a virus signature with a malformed file name will cause a Cross Site Scripting vulnerability to be triggered from within the Sophos Anti Virus client.\r\n\r\nAnalysis\r\n--------\r\nWhen Sophos anti-virus scans a specially crafted ZIP archive containing a XSS attack string, it will internally log the string. When this information is accessed via the Sophos client (SavMain.exe) the XSS attack string is unencoded. When the print function is called, the application can be used to run arbitrary code on the target machine from an external attacker?s submitted file.\r\n\r\nTechnologies Affected\r\n---------------------\r\nSophos Anti-Virus, version 6.5.4 R2\r\n\r\nResolution\r\n----------\r\nUpdate to version 6.5.8 or 7.0.\r\n\r\nVendor Response\r\n---------------\r\nSophos have patched this issue in version 7.01.\r\n\r\nCVE Details\r\n-----------\r\nThis issue has been provisionally assigned a CVE candidate number of CVE-2007-4512\r\n\r\nDisclosure Timeline\r\n-------------------\r\n18 April 2007 ? Initial Discovery and vendor notification\r\n19 April 2007 ? Vendor Response\r\n21 August 2007 ? Second Vendor Response\r\n6 September 2007 - Coordinated Public Release\r\n\r\nCredits\r\n--------\r\nMichael Jordon of Context Information Security Ltd\r\n\r\nAbout Context Information Security\r\n----------------------------------\r\n\r\nContext Information Security Limited is a specialist information security consultancy based in London and Frankfurt. Context promotes the holistic approach to information security and helps clients to identify, assess and control their exposure to risk within the fields of IT, telephony and physical security. Context employs experienced information security professionals who are subject-matter experts in their various technical specialisms. Context works extensively within the finance, legal, defence and government sectors, delivering high-end information security projects to organisations for which security is a priority.\r\n\r\nWeb: www.contextis.co.uk\r\nEmail: disclosure (at) contextis.co (dot) uk [email concealed]\r\n\r\nAbout Sophos\r\n------------\r\n\r\n"Sophos is a world leader in IT security and control solutions purpose-built for business, education, government organizations and service providers. Our reliably engineered, easy-to-operate products protect over 100 million users in more than 150 countries from viruses, spyware, adware, Trojans, intrusion, spam, policy abuse, and uncontrolled network access."\r\n", "modified": "2007-09-06T00:00:00", "published": "2007-09-06T00:00:00", "id": "SECURITYVULNS:DOC:17945", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:17945", "title": "Sophos Anti-Virus 6.5.4 Vulnerability", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:26", "bulletinFamily": "software", "description": "Cross application scripting on ZIP archive content logging.", "modified": "2007-09-06T00:00:00", "published": "2007-09-06T00:00:00", "id": "SECURITYVULNS:VULN:8124", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8124", "title": "Sophos Antivirus cross aplication scripting", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2020-01-01T01:44:15", "bulletinFamily": "scanner", "description": "The version of Sophos Anti-Virus installed on the remote host\nreportedly contains several problems involving the processing of ", "modified": "2020-01-02T00:00:00", "id": "SOPHOS_2_49_0.NASL", "href": "https://www.tenable.com/plugins/nessus/26002", "published": "2007-09-07T00:00:00", "title": "Sophos Anti-Virus CAB, RAR and LZH Scanning Evasion", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(26002);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/07/30 15:31:32\");\n\n script_cve_id(\"CVE-2007-4512\", \"CVE-2007-4787\");\n script_bugtraq_id(25572, 25574);\n\n script_name(english:\"Sophos Anti-Virus CAB, RAR and LZH Scanning Evasion\");\n script_summary(english:\"Checks version of Sophos engine\"); \n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has an application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Sophos Anti-Virus installed on the remote host\nreportedly contains several problems involving the processing of 'CAB'\n'RAR' and 'LZH' files which may allow an attacker to evade the anti-\nvirus scanning by sending a specially-malformed archive. \n\nIn addition, an attacker may exploit an HTML injection vulnerability\nwhen processing a ZIP file.\");\n script_set_attribute(attribute:\"solution\", value:\"Update to Sophos Anti-Virus engine version 2.49.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 79);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/09/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/09/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/09/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:sophos:sophos_anti-virus\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"sophos_installed.nasl\");\n script_require_keys(\"Antivirus/Sophos/installed\", \"Antivirus/Sophos/eng_ver\");\n\n exit(0);\n}\n\n\n# Get the signature database update for the target.\nengine = get_kb_item(\"Antivirus/Sophos/eng_ver\");\nif (!engine) exit(0);\n\nver = split(engine, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nfix = split(\"2.49.0\", sep:'.', keep:FALSE);\nfor (i=0; i<max_index(fix); i++)\n fix[i] = int(fix[i]);\n\nfor (i=0; i<max_index(ver); i++)\n if ((ver[i] < fix[i]))\n {\n # nb: Sophos doesn't report the last part in its advisory.\n ver = string(ver[0], \".\", ver[1], \".\", ver[2]);\n report = string(\n \"\\n\",\n \"The current engine version on the remote is \", ver, \".\\n\"\n );\n security_warning(port:get_kb_item(\"SMB/transport\"), extra:report);\n break;\n }\n else if (ver[i] > fix[i])\n break;\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}]}
